Fedora 27 talking points

These are the Talking Points for the Fedora 27 release. For information on how these talking points were chosen, see Talking Points SOP. They are intended to help Ambassadors quickly present an overview of highlighted features when talking about the release, and to help drive content for the release, etc.

The talking points are based in part on the Change Set for this release.

Overall Release Story

Since we skipped the Alpha release for this cycle we just push out the Beta. We had some delays to grant the best stability and operability for our users.
The release date is 2017-10-03.

For this cycle, the server edition won't be shipped at the same time due to big changes happening inside the edition itself. This is due to the major change of building the server edition with modularity. For more informations, please read the Fedora Magazine article

Changes affecting security

No significant improvements. Software switched to the latest releases

Changes to talk about for developers

Fedora Atomic: changed the way of setting up containers. Kubernetes is now containerized and Cockpit includes Dashboard installation on Atomic Host via rpm package layering. The Atomic CLI is updated to version 1.19.1.

Pipewire (http://pipewire.org/). Our new media handling deamon. It will be used in Fedora Workstation 27 to handle screen sharing and screen capture under GNOME Shell, but long term Pipewire will be in charge of almost all audio and video devices on the system.

All changes

Fedora 27 Accepted System Wide Changes Proposals

Some x86 systems ship with a 64 bit CPU, but 32 bit UEFI firmware. It is possible to use a 32 bit UEFI grub build to boot a 64 bit kernel and distribution on these systems. So far this setup has not been supported in Fedora. This feature is about adding support for installing and booting Fedora on this hardware.

Override kernel default for dm-crypt mappings of LUKS1 encrypted volumes via flag put in /etc/crypttab file. This change should affect only newly created encrypted storage based on LUKS1 format during installation.

Host and Platform is an evolution of the Base Runtime module concept introduced in Fedora 26 Boltron, splitting the minimal system further into independent modules allowing for greater flexibility when composing and maintaining the base system.

The Modularity Working Group, Factory 2.0, Base Runtime, and Server Working Group would like to propose using the modular infrastructure for creating and delivering the Fedora Server Edition for Fedora 27. While we are still working through some of the kinks leading up to the release of Fedora 26, we believe that the changes to the infrastructure and technology implementations will be available with sufficient time to harden the components in time for the 27 release.

debuginfo packages can be installed in parallel to make it easier to trace, profile and observe what programs are doing or to debug when they have crashed. That way debugging, tracing or profiling programs can be done independent of whether they are 32bit, 64bit, a slightly newer or older version than currently installed or even from a different architecture.

Allow to install just the debuginfo for a subpackage and/or without the source files. The debuginfo packages are huge because they contain debuginfo and all sources for all subpackages. Being able to install only the debuginfo for the subpackage that is installed reduces the size that needs to be downloaded to analyze, trace, profile or debug a program or core file. Some tracing and profiling tools don't need the actual source files to provide stack traces or insert probes. So installing the debugsources should be optional.

By default, Java applications installed from RPMs are run with JVM found on PATH. We propose to run them with default system JVM, not considering PATH. Users will still be able to override the default using JAVA_HOME environment variable as before.

At the present time, running sudo pip3 in Fedora is not safe. Pip shares its installation directory with dnf, can remove dnf-managed files and generally break the Python 3 interpreter. We propose a series of measures that will make it safe to use.

Since the discovery of the SWEET32 flaw, ciphers using cipher-blocks smaller than 128-bits are considered vulnerable and should not be used any more. OpenVPN uses Blowfish (BF-128-CBC) as the default cipher, which is hit by the SWEET32 flaw. This proposal changes the default cipher to AES-256-GCM while in parallel allowing clients to connect using AES-256-CBC, AES-128-CBC or the deprecated BF-CBC,

Upstream removes support for SSH-1 protocol and we plan to do the same in Fedora. The protocol is years obsolete and not even supported in current default binaries (only in openssh-clients-ssh1 subpackage).

Samba AD is an open source implementation of an Active Directory set of tools and protocols. It allows Windows clients to be enrolled and managed using native Windows tools. In addition, Samba AD can serve as a domain controller for Fedora workstations and servers utilizing DCERPC, LDAP and Kerberos.

Editions

Fedora Atomic

Multi-Architecture Availability: Fedora 27 Atomic is now also available for 64-bit ARM (AArch64) and Power8 (ppc64le) architectures. Atomic provides both regular ISOs and cloudImages, and Atomic OSTree updates will be available for all three architectures.

Consolidated Storage Setup based on OverlayFS: Fedora Atomic 27 now defaults to a more simple container storage setup. Fedora 26 Atomic switched to OverlayFS2 as the default driver, but still had a separate volume for container storage. While the project does recommend a separate volume for production deployments, the new setup provides a simpler out-of-the-box experience. In Fedora 27 Atomic Host the default will be a large root filesystem, shared with the container storage.

Containerized Kubernetes by Default: Fedora Atomic 27 no longer includes Kubernetes, etcd, or flannel in the base OSTree. We offer containerized Kubernetes, flannel and etcd. This allows flexibility for users to choose different versions of Kubernetes, or to not use Kubernetes at all. If having Kubernetes installed via RPM is a requirement, then package layering is still an option.

Improvements in Package Layering: Version 27 includes the latest rpm-ostree, with support for base package overrides (removes and replaces). This builds on top of the previous features including support for direct RPM install, and experimental LiveFS layering, which allows layering without a reboot.

System Containers in the Fedora Registry: System Containers are a way of installing system infrastructure software as a container. Since the last release, the project has polished the System Container technology and now offers System Containers for Docker, Kuberetes, flannel, and etcd. These are all available in the Fedora Layered Image Registry.

Fedora Server

For this cycle, the server edition won't be shipped at the same time due to big changes happening inside the edition itself. This is due to the major change of building the server edition with modularity. For more information, please read the Fedora Magazine article

Fedora Workstation

Improved Settings - Both the Display and Network areas have been updated to make it simpler to configure these settings, and the overall Settings panel now has a tabbed appearance to make it easier to find the settings you need.

Builder - features a lot a improvements including to the debugger, the overall design, symbol search and word completion, and inline documentation.

System search - Has a new layout that shows more results at once -- and even includes system actions.

System tray removal - the antiquated system tray has been removed to reduce visual clutter and confusion. The Topicons extension is available for use with any applications that have not yet updated to make use of modern GNOME 3 standards.

Resizeable tiling - New tiling functionality in GNOME Shell that allows arbitrarily sized tiles. This is a precursor to bringing in quartile tiling in Fedora Workstation 28.

Fleet Commander - Our new Cockpit extension that gives you a incredible tool for managing large deployments of Fedora Desktops. Check out fleet-commander.org for details.

the new version allows you to create bootable SD cards with Fedora for ARM devices such as Raspberry Pi. Support for Windows 7 and screenshot handling have been improved. The utility also notifies you when a new release of Fedora is available. There are no big changes compared to the previous version, only stability and usability fixes.

Fedora ARM

Spins

KDE Plasma Desktop

The software released by the KDE community - Frameworks, Plasma, KDE Applications, and all the other applications with independent release schedule - was updated bringing fixes and improvements. For more information, please check:

Security

The Fedora Security Lab ships the latest releases of various tools which are useful if you need to do security auditing, forensics or system rescue. The Xfce Desktop Environment and a customized menu make the access to the tool as easy as possible and due to the nature of the Labs no additional download is necessary.

Wireshark, yersinia and siege, just to name some of the tools, were updated to provide you with the newest features.

Upgrading to the Latest Release

To learn how to upgrade to the latest release from a recent Fedora release using DNF, see here.